Search form

Search form

Zero trust security

Make it possible

Glossary

A

Advanced Persistent Threat (APT)

An advanced persistent threat (APT) is an attack in which an unauthorized person gains access to
a network
and stays there undetected. APTs are “advanced” because they use malware that can bypass or evade many types
of security protections. They are “persistent” because, once on the network, the malware is in regular
communication with command-and-control (C&C) servers to which it can send stolen data or from which it can
receive instructions.

Advanced Threat Protection (ATP)

Advanced Threat Protection (ATP) refers to a category of security solutions that defend against
sophisticated malware or attacks targeting sensitive data. ATP detects and responds to new and sophisticated
attacks that are designed to evade traditional security protections, such as antivirus, firewalls, and intrusion
prevention systems.

Learn how the Zscaler platform protects
against advanced threats, such as ransomware, polymorphic malware, and others.

AWS (Amazon Web Services)

AWS, a cloud services suite (including EC2, RDS, S3, SQS, and VPC), make up the Amazon cloud
computing platform, which many companies are using to connect to private applications and workloads on the cloud.

Learn how Zscaler Private Access provides AWS
customers with added security when they access AWS workloads — without the cost, complexity, or security risks
of a VPN.

B

Bandwidth

Network bandwidth is the measurement of a communications channel. Bandwidth varies and affects
the speed and volume of data that can be transmitted over an internet connection.

Bandwidth Control

Bandwidth control is the practice of allocating available bandwidth to optimize the performance
of mission-critical communications, such as Office 365, while reducing bandwidth allocation for lower-priority
or recreational applications, such as YouTube.

Behavioral Analysis

Behavioral analysis involves monitoring the behavior of a file in an isolated environment, such
as a sandbox, to protect users from unknown (zero-day) threats. Through this monitoring, a file’s functions, and
how it interacts with its environment, can be understood by IT security professionals. It also identifies
whether a file will attempt to communicate with an attacker-controlled external server for command-and-control
purposes or to download additional [malicious] files.

Botnet

A botnet is any number of internet-capable devices that, unknown to their owners, have been
hijacked by malicious users and infected with code. This code may instruct the infected devices to spread the
malware, or it may instruct them send repeated requests to a particular server, which results in a
denial-of-service (DoS) attack.

Breach

Branch Transformation

Branch transformation is the enablement of traffic in the branch to be routed directly and
securely to the internet, rather than being routed through MPLS links to the data center before it can go out to
the internet. Branch transformation is a key element of IT transformation.

C

CASB (Cloud Application Security Broker)

CASB is software that acts as a liaison between cloud services customers and service providers.
CASB provides visibility into what cloud services are being used and supports organizations with compliance,
threat protection, and security for cloud services.

CDN (Content Delivery Network)

A CDN is a system of servers distributed across a network. CDN servers copy and
deliver web content closest to users based on their geographic locations, improving the delivery of content by
speeding up page loads and optimizing overall network performance.

According to Cisco, 40 percent of internet traffic crosses CDNs. And, because that traffic is trusted, it tends
to go uninspected by most organizations. Zscaler adds a layer of security and compliance between your existing
infrastructure and the internet to protect against attacks hiding behind CDN-delivered traffic.
Learn more.

Cloud

The term cloud commonly refers to the internet, which supports the delivery of services to users
on demand from a provider’s servers rather than their own. Cloud service delivery enables scalable, easy access
to applications and services with fewer resources.

There is a distinction between public clouds and private clouds. Public clouds are multi-tenant environments in
which organizations may consume applications, infrastructure, and services on a pay-per-use basis without the
need to own the IT infrastructure. With public cloud services, organizations can add or remove users and
services easily, thereby eliminating much of the management involved in the deployment of software and services.
Private clouds, which may be housed onsite or in hosted environments, are single-tenant environments where the
hardware, storage, and network are dedicated to a single organization. Private clouds are chosen by
organizations that want the promise of greater control, privacy, and security, and they want to know exactly
where their data resides.

Cloud Application

A cloud application is a software application that is delivered over the web as a service rather
than from a data center or local machine. Examples of cloud applications include Microsoft
Office 365, Google Apps, Salesforce, and Box.

Cloud Application Visibility

Cloud application visibility is the ability to see all the cloud applications in use throughout
your organization, giving you the power to control and protect your data. Because Zscaler sits inline, it can
see all traffic, coming and going, whether it’s sanctioned by IT or not.

Cloud Architecture

Cloud architecture refers to the components and subcomponents required for cloud computing. The
front end is what the end user sees; it consists of interfaces and applications that are
required to access the cloud computing platforms. The back end consists of all the
infrastructure and resources required to provide the cloud computing service, which generally include servers,
data storage, virtual machines, security mechanisms, services, and more.

The Zscaler security platform is built on a globally distributed, multi-tenant cloud architecture. It has been
built from the ground up to deliver security and access controls on a massive scale. Its many patented
technologies (100 as of January 2017) enable comprehensive security for users everywhere with ultrafast
performance. Learn about the Zscaler cloud architecture.

Cloud Computing

Cloud computing is an internet-based, client-server approach to storing, managing, and
processing data. Key features of cloud computing include on-demand self-service, broad network access, resource
pooling, rapid elasticity, and measured service. It enables the delivery of applications and business processes
as services online, as opposed to resources like software and storage hardware that are “traditionally” housed
onsite. The three main categories of cloud computer are Infrastructure as a Service (IaaS), Platform as a
Service (PaaS), and Software as a Service (SaaS).

Cloud Enablement

Cloud enablement is the process by which organizations create, deploy, and operate IT
infrastructure, software, and resources that enable cloud computing.

Founded on the belief that cloud enablement is a business imperative, Zscaler helps to level the
playing field by bringing sophisticated, cloud-delivered security to enterprises.

Cloud Firewall

A cloud firewall provides the network security, application control, and visibility features
available in leading firewalls. But cloud firewalls have key advantages over hardware-based solutions.
Cloud-based solutions can, for example, scan traffic in real time to provide global, up-to-date protection.
Cloud firewalls can also scan encrypted traffic, whereas hardware solutions are extremely limited, and with the
majority of internet traffic now encrypted, they leave a lot of traffic uninspected.

Zscaler Cloud Firewall brings next-gen firewall controls and advanced proxy-level security to all users in all
locations. Because Zscaler is 100 percent in the cloud, there’s no hardware to buy, deploy, or manage. Learn
more about Zscaler Cloud Firewall

Cloud Governance and Compliance

Cloud governance and compliance consists of a set of regulatory processes by which policies and
procedures are created and followed to protect the security of cloud applications and data.

Cloud Migration

Cloud migration refers to the movement of applications and infrastructure from a physical data center to public and private clouds. The adoption of SaaS applications, such as Salesforce and Microsoft Office 365, is an example of this migration, and so is the movement of internally managed applications, such as SAS and Oracle, to cloud infrastructure (IaaS) services, such as Microsoft Azure and Amazon Web Services (AWS). Chances are, you already have multiple apps in the cloud. Learn how to provide secure access to then, regardless of user location, on our secure cloud migration page.

Cloud Sandbox

In general, a sandbox is a computing environment in which a program or file can be executed in
isolation; if a file contains malicious code, the code can be detected before the file has the chance to infect
a computer or network. Sandboxes have long been used by software developers to test new
programming code and they have become a critical component of advanced threat protection.

Sandbox appliances generally sit in the data center and operate in TAP (Test Access Point) mode, which means that
a file being tested is also sent on to its destination. If the sandbox detects malicious content, it sends an
alert, but this can arrive too late. On the other hand, a cloud sandbox inspects internet traffic inline and
executes programs in the cloud before it reaches its destination. It inspects files for all users everywhere, on
the corporate network and off, there is no need to deploy sandboxes in dozens (or hundreds) of locations.

Cloud Security

Cloud security consists of technologies designed to protect information, data, applications, and
infrastructure, but unlike the stacks of appliances that sit at the gateway where they can scan inbound and
outbound traffic, cloud security is delivered from the cloud.

Cloud security offers many advantages over hardware-based security, especially as users have become mobile and
applications have moved to the cloud. It moves security from the network to the cloud, where it can scan all
traffic, even if it’s encrypted, no matter where it is headed or where it originated. The cloud also reduces the
cost and complexity of deploying and maintaining appliances.

Zscaler has designed and built the world’s largest cloud security platform with more than 100 data centers on
five continents. Learn more about cloud security.

Cloud Security Alliance (CSA)

The Cloud Security Alliance (CSA) is dedicated to defining and raising awareness of best
practices to help ensure a secure cloud computing environment. CSA works with industry experts, associations,
governments, and its corporate and individual members to offer cloud security–specific research, education,
certification, events, and products. CSA provides a forum through which diverse parties can work together to
create and maintain a trusted cloud ecosystem. Zscaler CEO Jay Chaudhry is a founding member of CSA. Learn more at CSA.

Cloud-washing

The term cloud-washing refers to the deceitful practice of rebranding products and services with
the term “cloud” to make them seem more relevant in today’s cloud-centric computing environment. Some vendors,
for example, may host an existing product (hardware or software) in a virtualized environment and call it a
cloud solution. But such an implementation has none of the characteristics of a true cloud solution, such as
elasticity, multi-tenancy, or automated, continuous updates.

D

Data Breach

A data breach is an incident in which sensitive data, such as personally identifiable information (PII), trade secrets, or intellectual property, has potentially been viewed, stolen, or used by an unauthorized individual.

Data breaches in the corporate environment are common and may be the result of the theft or loss of a computing device, internal employees inadvertently introducing malware into the network, or external hackers directly targeting a company’s network. Because these incidents can damage a company’s reputation and are costly and time-consuming to mitigate, data breach prevention is a top priority in most IT environments.

DLP (Data Loss Prevention)

Data loss prevention (DLP) refers to systems with which organizations can prevent end users from
sending sensitive information to unauthorized devices or recipients. DLP technology detects and blocks the
movement of data based on policies set by the network administrator. Such policies may be based on dictionaries,
which are algorithms designed to detect specific kinds of information in user traffic. They may also be defined
by user or group, URL categories, location, and more.

DDoS (Distributed Denial-of-Service)

A DDoS is an attack in which hundreds or thousands of computers or other internet-capable
devices (a “botnet”) are hijacked to strike against a single system, network, or application. If an organization
becomes compromised by a DDoS attack, its servers become overwhelmed by the barrage of “hits” from the botnet
and its services become unavailable.

Digital Transformation

Digital transformation broadly describes the adoption of digital technologies across an organization to improve flexibility, speed, efficiency, and intelligence, and, ultimately, drive growth and success. A transformation doesn’t simply replace existing processes and systems with new technologies. It’s a fundamental rethinking of business models and processes using digital technologies, such as cloud computing, big data, IoT, and artificial intelligence. The migration of applications and services to the cloud is an essential part of any digital transformation strategy.

Direct-to-internet (Direct-to-cloud)

In a traditional network model, traffic heading to the open internet or cloud apps and services is routed through outbound and inbound security gateways. For users in branch offices and remote locations, cloud-bound traffic is backhauled to the central data center or a regional hub to have security controls applied. But routing traffic over private (MPLS) networks only to have it head to the cloud is expensive and problematic, especially for applications like Office 365, which open multiple persistent connections per user. Microsoft says that Office 365 was designed to accessed “directly” for the best user experience. With more and more business traffic traversing the internet, “direct connections” improve efficiency, reduce costs, and dramatically improve the user experience. Learn about securing direct-to-internet connections here.

DoS (Denial of Service)

A DoS attack occurs when one compromised computer and internet connection inundates an entire
system or resource. When an army of remotely controlled computers inundates an entire system, that’s called a
Distributed Denial of Service (DDoS) attack. However, both types of attacks attempt to prevent internal
employees and customers from accessing an organization’s web-based service by either flooding or crashing the servers.

E

Elasticity and Scalability

The cloud is elastic in the sense that resource allocation can be increased or decreased on demand. Elasticity
enables scalability, which means that the cloud can scale upward for peak demand and downward
for lighter demand. Scalability also means that an application can scale whenever users are
added or application requirements change.

A DDoS is an attack in which hundreds or thousands of computers or other internet-capable
devices (a “botnet”) are hijacked to strike against a single system, network, or application. If an organization
becomes compromised by a DDoS attack, its servers become overwhelmed by the barrage of “hits” from the botnet
and its services become unavailable.
>The Zscaler multi-tenant cloud architecture delivers elastic scale for our customers while maintaining security
and data privacy. Learn more.

Encryption

Encryption is the process of converting data into code to protect information from unauthorized access.

A majority of global internet traffic now uses Secure Sockets Layer (SSL) encryption, yet many organizations
leave SSL inspection turned off, because it’s compute-intensive and severely impacts performance. The Zscaler
cloud inspects every byte of traffic — SSL included — so we can catch hidden threats before they get into your
network. Learn more.

Exact Data Match (EDM)

EDM is a critical component of data loss prevention. It refers to the ability to “fingerprint” sensitive information from a structured data source, such as a database, so you can identify it and stop it from being shared or transferred inappropriately. EDM identifies and correlates multiple tokens that contribute to a particular record—for example, name, birthdate, Social Security number—to identify ownership of that data for set policy for it.

F

Fingerprinting

Fingerprinting is a technique that maps large data items to short text strings (bit streams), which become identifiable fingerprints of the original data. Fingerprinting is a scalable way to identify and track sensitive information as it moves across a network, because engines only need to identify the fingerprints instead of the full data sets during inspection.

To enable visibility into cloud-delivered applications, like Google Apps, Zscaler offers a Cloud Application
Visibility and Control solution, which provides secure access and enables single sign‐on. Learn more.

H

HTTPS

HTTPS is an aggregate of HTTP and the Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
protocol, in which the authentication and encryption capabilities of SSL and TLS protect HTTP communications.
HTTPS is widely used, accounting for roughly 80 percent of internet traffic according to
Google. When a client accesses a website or a web application, HTTPS provides authentication
for both the website and associated web server and encrypts data between the client and server.

An increasing number of malware authors are using SSL to hide threats, yet many organizations still allow SSL
traffic to go uninspected. Learn About the Zscaler
platform’s native SSL inspection.

Hybrid Cloud

A hybrid cloud is a networking environment that uses a combination of on-premises and public and
private cloud platforms.

I

IoT (Internet of Things)

The IoT is the interconnection of a wide range of devices — thermostats, televisions, printers,
security cameras, and more — that have IP addresses, enabling them to send and receive data.

While the IoT offers great potential for businesses to create new services and improve operational efficiencies,
it offers a greater potential for security breaches. Zscaler provides comprehensive, cost-effective protection
for all your internet-connected devices.

Internet Security

Internet security encompasses browser security, the security of data entered through a web form,
and overall authentication and protection of data sent via internet protocol.

Zscaler offers the world's first and only 100% cloud-delivered internet security platform — providing secure,
policy-based access to the internet and private apps for every user, on any device, and in all locations. Learn more.

M

Malware

Malware, or malicious software, is any program or file that is designed to compromise a computer
or network. Malware includes many varieties of computer viruses, worms, Trojan horses, spyware, and adware, and
it has become both plentiful and sophisticated. Malware is coded to perform a range of functions, including
stealing, encrypting, or deleting sensitive data; altering or hijacking core computing functions; and monitoring
users' computer activity without their permission.

Zscaler inspects all traffic, including SSL, for unmatched protection against malware and other threats. Learn more.

Microsoft Azure

Microsoft Azure is a platform-as-a-service (PaaS) offering that enables developers to create and
house cloud-based applications and services.

Microsoft Office 365

Microsoft Office 365 is the most widely used cloud-delivered enterprise application today. It
has made the ubiquitous Microsoft Office suite of applications available as a subscription service. Because
Office 365 was developed for cloud use, Microsoft recommends direct internet access for the best user
experience, and distributed organizations with hub-and-spoke architectures are encouraged to enable local
internet breakouts in their branch offices.

In addition, Microsoft Office 365 can often result in the need for infrastructure upgrades, as it dramatically
increases the number of persistent connections that quickly exceed firewall capacities.

Zscaler makes Microsoft Office 365 deployment fast and easy, and enables secure local breakouts
for remote offices, so users can quickly become productive. It requires no infrastructure changes — no hardware,
no backhauling, and no impact on performance. Learn more.

Multi-Tenancy

Multi-tenancy is an architecture in which multiple systems, applications, or data from different
enterprises are hosted on the same physical hardware. Multi-tenancy is a common feature of cloud-delivered
services, as it allows clouds to share IT resources cost efficiently and securely.

Multi-tenancy is what enables the Zscaler cloud architecture to secure users anywhere they go because it allows
policies to follow users. It also provides the scale needed to deliver multiple security services without
latency. Perhaps most importantly, multi-tenancy is what fuels cloud intelligence, which means that if a threat
is detected for any one of the 15 million users on the Zscaler cloud, protections are immediately propagated for
all 15 million users. Learn more.

N

Network Transformation

Applications and infrastructure have moved to the cloud, and users have moved off the network, working on a range of unmanaged mobile devices. Forcing user traffic over established private networks and through centralized security controls or regional hubs is expensive, inefficient, and provides a poor user experience. Organizations are moving away from these traditional hub-and-spoke architectures to new, secure direct-to-cloud architectures. They are taking advantage of SaaS and IaaS, platforms, storage, and much more, and benefiting from cloud intelligence and agility to make their business more efficient and competitive. See how your can transform your network and security.

NGFW (Next-Generation Firewall)

NGFW is a hardware- or software-based network security system that detects and blocks
sophisticated attacks by enforcing security policies at the application level, as well as at the port and
protocol level.

The Zscaler Cloud Firewall provides NGFW protection for all users, in all locations, across all ports and
protocols — without the need to deploy or maintain hardware or software. Learn more.

O

Office 365 Migration/Deployment

Because Office 365 was developed for cloud use, there are many hurdles to overcome when attempting to deploy it on a traditional hub-and-spoke architecture. With Zscaler customers who have migrated to Office 365, we’ve seen an average increase in network utilization of 40 percent, and that’s because each user is now generating between 12 and 20 persistent connections. This increase can easily overwhelm firewalls and increase your transport budget. It’s important to learn the network implications of Office 365 and the steps you can take to ensure a successful rollout. Learn about Zscaler for Office 365.

P

Persistent Threat

R

Ransomware Protection

Ransomware is often delivered in infected email and may be targeted to a specific user or users. Attackers are good at making their email look legitimate, and they often hide their malware payloads in encrypted messages. So, while training users to be careful about opening attachments is critical to avoiding the download of malware/ransomware, it’s only a first step. You also need multi-layered security, with various tools working together to block malicious traffic, decrypt and scan encrypted messages, and prevent attempts to contact command-and-control systems. The Zscaler Cloud Security Platform combines eight different security engines that allow you to quickly discover and block coordinated attacks. Learn more.

S

Salesforce

Salesforce, founded in 1999, is the first major cloud-delivered, pay-as-you-go platform.
Salesforce upended the world of enterprise applications by delivering software as a service (SaaS) and betting
on a pure-cloud future. The company has remained the leader in online customer relationship management (CRM) tools.

SD-WAN (Software-Defined Wide Area Network)

SD-WAN is software-defined networking (SDN) technology applied to WAN connections, which are
used to connect enterprise networks — including branch offices and data centers — over large geographic distances.

Secure Web Gateway

A secure web gateway provides threat protection and policy enforcement for users accessing the
web. It prevents users from accessing infected websites and prevents infected or otherwise unwanted traffic from
entering an organization’s internal network. It is used by enterprises to protect their employees from accessing
and being infected by malicious web traffic, websites, and viruses/malware.

The Secure Web Gateway is a critical component of the Zscaler Cloud Security Platform. The Zscaler Secure Web
Gateway has been named a leader in the Gartner Magic Quadrant for secure web gateways for six consecutive years.
Read more about Zscaler Web Security and Zscaler’s
position in the Gartner Magic Quadrant.

SLA (Service-Level Agreement)

An SLA is a contractual agreement between a service provider and customer that defines the level
of service, responsibilities, and priorities. An SLA also makes guarantees regarding availability, performance,
and other service metrics.

Zscaler is ISO27001-certified and provides 99.999% availability guarantees, with additional SLAs on latency and security.

Software-defined Perimeter

The software-defined perimeter (SDP) is a cloud-based approach to secure access. SDP mediates the connection between users and internal applications, without placing users on the network. While the traditional security perimeter were designed to protect internal services from external threats, the widespread use of SaaS applications and IaaS extend the perimeter to the internet. The software defined perimeter enable organizations to deploy the perimeter in the cloud so it can protect assets anywhere they reside—inside the data center or in public or private clouds. Access Gartner’s findings on SDP here.

SSL (Security Sockets Layer)

SSL commonly refers to the two cryptographic protocols in computer network security — transport
layer security (TLS) and its predecessor, security sockets layer (SSL). The purpose of SSL is to provide secure
communications over a network, and SSL-encrypted data now accounts for more than 80 percent of all internet
traffic, according to Google. Many malware authors now hide their malicious code inside SSL-encrypted traffic.
Yet many organizations don’t scan SSL traffic, because it is compute intensive do to so, requiring considerable
hardware upgrades.

Zscaler inspect every byte of traffic — including SSL-encrypted traffic — so we can block hidden threats before
they get into your network. Learn more.

SSL Decryption, Encryption, and Inspection

SSL traffic accounts for about 80 percent of all internet traffic, making SSL decryption, encryption, and
inspection a vital component of your security posture. ThreatLabZ researchers found that more than
54 percent of the malware discovered by Zscaler security engines was hidden behind SSL.

Zscaler inspects all traffic — including SSL-encrypted traffic — so we can block hidden threats before they get
into your network. Learn more.

U

URL Filtering

URL filtering screens and blocks access or web content that is deemed inappropriate. URL
filtering also protects against exposure to web-borne malware and viruses. URL filtering is a component of the
Zscaler Secure Web Gateway. Learn more.

Z

Zero Trust

The zero trust security model was first introduced about ten years ago by an analyst at Forrester Research. The concept was built around the idea that enterprises should never inherently trust any user on or off the network. Access is granted based on user identity, device posture, and the policies defined for a particular application. Because all traffic must be inspected and logged in a zero trust model, it requires a level of visibility that’s not possible with traditional security controls. Zscaler Private Access enables zero trust security and access through multi-factor authentication, micro-segmentation, and visibility and reporting. Learn more.

Zscaler Private Access

Zscaler Private Access provides policy-based, secure access to private, internal applications no
matter where users connect or where the applications reside. With Zscaler Private Access, you can enable
authorized users to access an application without allowing access to your network. And your private apps are
never exposed to the internet. Learn more.

Zscaler Platform

Built on a global, multi-tenant architecture, the Zscaler platform is the world’s largest 100
percent cloud-delivered security platform with more than 100 data centers on five continents. The Zscaler
platform is the foundation on which the Zscaler Internet Access and Zscaler Private Access services are built.
Learn more about the platform.

Ready to transform your company?

Zscaler security is so comprehensive, you can forget about it. See for yourself.